Description

/settings GET handler:
1. if the incoming access token is linked with a client credential that has the creation power, return an empty object for preferences;
2. if the incoming access token is linked with a client credential that the creation is not allowed, reject the request with an error.

/settings PUT handler:
1. if the incoming access token is linked with a client credential that has the creation power:
(1) verify the incoming preferences for write/update are allowed, if any one preference is not allowed, reject the request with an error;
(2) if the GPII key is not exist, create the key and its prefs safe
(3) if the GPII key already exists, update the prefs safe
2. if the incoming access token is linked with a client credential that the creation is not allowed, only the update to the prefs safe is allowed.